Orrick, Herrington & Sutcliffe

In March 2023, Orrick, Herrington & Sutcliffe suffered a major data breach where hackers infiltrated their systems, compromising the names, addresses, birth dates, and Social Security numbers of over 600,000 individuals. The breach led to a class-action lawsuit, forcing the firm to pay $8 million in settlements. The exposed data included highly sensitive personal and financial records, violating attorney-client confidentiality and exposing clients to identity theft, fraud, and reputational harm. The incident underscored vulnerabilities in the firm’s cybersecurity defenses, particularly around third-party access, weak authentication, and insufficient monitoring. The breach not only resulted in financial losses but also severely damaged the firm’s trustworthiness, prompting clients to question data protection measures. The attack was likely facilitated by exploited vulnerabilities or phishing, aligning with broader trends of cybercriminals targeting law firms for their troves of high-value legal and corporate data.

Source: https://www.helpnetsecurity.com/2025/09/23/law-firms-cyberthreats/

TPRM report: https://www.rankiteo.com/company/orrick

{
  "id": "orr1642316100525",
  "linkid": "orrick",
  "type": "Breach",
  "date": "3/2023",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'customers_affected': '600,000+ individuals',
                        'industry': 'Legal',
                        'location': 'Global (HQ: USA)',
                        'name': 'Orrick, Herrington & Sutcliffe',
                        'size': 'Large',
                        'type': 'Law Firm'},
                       {'industry': 'Legal Aid',
                        'location': 'United Kingdom',
                        'name': 'UK Legal Aid Agency',
                        'type': 'Government Agency'},
                       {'industry': 'Legal',
                        'location': 'Global',
                        'name': 'Unnamed Law Firms (20% targeted in 2023-2024)',
                        'size': 'Varies (Small firms most vulnerable)',
                        'type': 'Law Firms (Small to Large)'}],
 'attack_vector': ['Weak/Shared Passwords',
                   'Lack of Multi-Factor Authentication (MFA)',
                   'Outdated/Unpatched Software',
                   'Unsecured Printers',
                   'Poor Data Storage Practices (Unsecured Cloud/Devices)',
                   'Phishing (Email, Vishing, Callback Phishing)',
                   'Third-Party Vendor Exploits',
                   'Remote Access Tools (Zoho Assist, AnyDesk)',
                   'AI-Generated Deepfakes',
                   'Nation-State Actors'],
 'customer_advisories': 'Orrick notified affected individuals per settlement '
                        'terms; UK Legal Aid Agency likely issued notices',
 'data_breach': {'data_encryption': 'Likely lacking (based on described '
                                    'vulnerabilities)',
                 'data_exfiltration': 'Yes (Silent Ransom Group, Orrick '
                                      'breach)',
                 'number_of_records_exposed': '600,000+ (Orrick breach)',
                 'personally_identifiable_information': 'Names, addresses, '
                                                        'birth dates, SSNs',
                 'sensitivity_of_data': 'High (PII, legal confidentiality)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Financial Records',
                                              'Legal Strategies',
                                              'Client Communications',
                                              'Sensitive Case Information']},
 'description': 'Law firms of all sizes are increasingly targeted by '
                'cybercriminals due to their possession of valuable client '
                'data, including financial records, legal strategies, and '
                'personally identifiable information (PII). Exploited '
                'vulnerabilities include weak passwords, outdated systems, '
                'insufficient cybersecurity awareness, and third-party risks. '
                'Notable incidents include the Orrick, Herrington & Sutcliffe '
                'breach (2023), Silent Ransom Group attacks (2022-2025), and '
                'the UK Legal Aid Agency breach. Emerging threats include '
                'AI-driven phishing, deepfake scams, and nation-state '
                'espionage. Mitigation strategies emphasize incident response '
                'planning, employee training, multi-factor authentication '
                '(MFA), encryption, and patch management.',
 'impact': {'brand_reputation_impact': 'High (Erosion of client trust, '
                                       'potential loss of business)',
            'customer_complaints': 'Class action lawsuit (Orrick, Herrington & '
                                   'Sutcliffe)',
            'data_compromised': ['Names',
                                 'Addresses',
                                 'Birth Dates',
                                 'Social Security Numbers (600,000+ records in '
                                 'Orrick breach)',
                                 'Sensitive Case Information (UK Legal Aid '
                                 'Agency)'],
            'downtime': 'UK Legal Aid Agency: Online applications, payments, '
                        'and case processing halted',
            'financial_loss': '$8 million (Orrick, Herrington & Sutcliffe '
                              'settlement)',
            'identity_theft_risk': 'High (Exposed PII in Orrick breach)',
            'legal_liabilities': '$8 million settlement (Orrick, Herrington & '
                                 'Sutcliffe)',
            'operational_impact': 'Disruption of legal services, loss of '
                                  'client trust, regulatory scrutiny',
            'systems_affected': ['Client-Facing Systems',
                                 'Cloud Storage',
                                 'Practice Management Software',
                                 'Digital Services (UK Legal Aid Agency '
                                 'offline)',
                                 'Printers (Overlooked Attack Vector)']},
 'initial_access_broker': {'backdoors_established': 'Likely (Silent Ransom '
                                                    'Group modus operandi)',
                           'data_sold_on_dark_web': 'Threatened by Silent '
                                                    'Ransom Group',
                           'entry_point': ['Phishing (Callback/Vishing)',
                                           'Unpatched Systems',
                                           'Third-Party Vendor Exploits',
                                           'Remote Access Tools (Zoho Assist, '
                                           'AnyDesk)'],
                           'high_value_targets': ['Client PII',
                                                  'Financial Records',
                                                  'Legal Strategies',
                                                  'Government Case Data (UK '
                                                  'Legal Aid Agency)']},
 'investigation_status': 'Ongoing (Silent Ransom Group active as of 2025; '
                         'Orrick settlement closed)',
 'lessons_learned': ['Law firms are high-value targets due to sensitive data '
                     'and often weak cybersecurity postures.',
                     'Small firms are disproportionately vulnerable due to '
                     'lack of dedicated IT/security staff.',
                     'AI and deepfakes introduce sophisticated new attack '
                     'vectors, including social engineering and evidence '
                     'tampering.',
                     'Third-party vendors and overlooked devices (e.g., '
                     'printers) are critical attack surfaces.',
                     'Proactive measures (MFA, RBAC, patch management) '
                     'significantly reduce risk.'],
 'motivation': ['Financial Gain (Ransomware, Data Theft)',
                'Espionage (Nation-State)',
                'Data Exfiltration for Dark Web Sales',
                'Disruption of Legal Services'],
 'post_incident_analysis': {'corrective_actions': ['Separate cybersecurity '
                                                   'from general IT roles in '
                                                   'larger firms.',
                                                   'Mandate MFA and password '
                                                   'managers for all accounts.',
                                                   'Automate patch management '
                                                   'and vulnerability '
                                                   'scanning.',
                                                   'Conduct regular phishing '
                                                   'simulations and training.',
                                                   'Implement RBAC and audit '
                                                   'privileged accounts.',
                                                   'Encrypt all sensitive data '
                                                   'at rest and in transit.',
                                                   'Develop and test incident '
                                                   'response plans annually.',
                                                   'Monitor dark web for '
                                                   'exposed firm/client data.',
                                                   'Invest in AI-driven threat '
                                                   'detection for '
                                                   'deepfakes/phishing.'],
                            'root_causes': ['Lack of dedicated cybersecurity '
                                            'staff (especially in small firms)',
                                            'Overlap of IT and cybersecurity '
                                            'roles in larger firms',
                                            'Weak authentication (no MFA, '
                                            'shared passwords)',
                                            'Unpatched vulnerabilities in '
                                            'software/hardware',
                                            'Insufficient employee awareness '
                                            'training',
                                            'Poor data storage/encryption '
                                            'practices',
                                            'Third-party vendor risks',
                                            'Emerging AI threats (deepfakes, '
                                            'AI-phishing)']},
 'ransomware': {'data_encryption': 'Yes (Silent Ransom Group modus operandi)',
                'data_exfiltration': 'Yes (Threatened leakage/sale of data)',
                'ransomware_strain': 'Silent Ransom Group (active since 2022)'},
 'recommendations': ['Implement and test an incident response plan with '
                     'clear roles for IT, legal, and operations teams.',
                     'Conduct regular employee training on phishing, BEC, '
                     'and social engineering, with hands-on exercises.',
                     'Enforce strong passwords + MFA across all systems '
                     '(email, cloud, practice management).',
                     'Automate encrypted backups and validate recovery '
                     'procedures under realistic conditions.',
                     'Apply encryption for data at rest and in transit, '
                     'with periodic protocol reviews.',
                     'Prioritize patch management for software, firmware, '
                     'and network devices, including printers.',
                     'Adopt role-based access control (RBAC) and audit '
                     'privileged accounts for anomalies.',
                     'Monitor third-party vendor risks and enforce '
                     'security requirements in contracts.',
                     'Prepare for AI-driven threats (deepfakes, '
                     'AI-phishing) with advanced detection tools.',
                     'Engage external cybersecurity audits to identify '
                     'blind spots, especially for small firms.'],
 'references': [{'source': 'Proton (Cyberattack Statistics)'},
                {'source': 'FBI Warning on Silent Ransom Group'},
                {'source': 'ISACA (Deepfake Threat Report)'},
                {'source': 'Orrick, Herrington & Sutcliffe Class Action '
                           'Settlement (2024)'},
                {'source': 'UK Legal Aid Agency Breach Disclosure'}],
 'regulatory_compliance': {'legal_actions': '$8 million class action '
                                            'settlement (Orrick)',
                           'regulations_violated': ['Attorney-Client '
                                                    'Confidentiality',
                                                    'Data Protection Laws '
                                                    '(e.g., GDPR for UK Legal '
                                                    'Aid Agency)']},
 'response': {'containment_measures': ['Systems taken offline (UK Legal Aid '
                                       'Agency)',
                                       'Class action settlement (Orrick)'],
              'incident_response_plan_activated': 'Partial (Orrick settled '
                                                  'lawsuit; UK Legal Aid '
                                                  'Agency took systems '
                                                  'offline)',
              'law_enforcement_notified': 'FBI warned U.S. law firms about '
                                          'Silent Ransom Group'},
 'stakeholder_advisories': 'FBI advisory to U.S. law firms; general warnings '
                           'from cybersecurity experts (e.g., ISACA)',
 'threat_actor': ['Silent Ransom Group',
                  'Nation-State Actors',
                  'Cybercriminals (Phishing/Deepfake Operators)',
                  'Initial Access Brokers (IABs)'],
 'title': 'Cybersecurity Threats and Data Breaches in Law Firms (2023-2025)',
 'type': ['Data Breach',
          'Ransomware',
          'Phishing',
          'Social Engineering',
          'Espionage',
          'AI-driven Attacks (Deepfakes)'],
 'vulnerability_exploited': ['Weak Access Controls',
                             'Unpatched Systems (Software/Hardware)',
                             'Lack of Encryption (Data at Rest/In Transit)',
                             'Insufficient Employee Training',
                             'Shared Accounts',
                             'Unmonitored Privileged Accounts',
                             'Lack of Role-Based Access Control (RBAC)']}